8000 Handle access denied exceptions on resource details fetching by sundowndev Β· Pull Request #882 Β· snyk/driftctl Β· GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Handle access denied exceptions on resource details fetching #882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 2, 2021
Merged

Handle access denied exceptions on resource details fetching #882

merged 3 commits into from
Aug 2, 2021

Conversation

sundowndev
Copy link
Contributor
@sundowndev sundowndev commented Jul 26, 2021
edited
Loading
Q A
πŸ› Bug fix? yes
πŸš€ New feature? no
⚠ Deprecations? no
❌ BC Break no
πŸ”— Related issues #666
❓ Documentation no

Description

Tested resources

  • aws_s3_bucket
  • aws_lambda_function
  • aws_s3_bucket_inventory
  • aws_s3_bucket_notification
  • aws_s3_bucket_metric
  • aws_s3_bucket_policy
  • aws_s3_bucket_analytics_configuration
  • aws_default_route_table
  • aws_route_table_association
  • aws_route
  • aws_security_group_rule
  • aws_sqs_queue
  • aws_sns_topic
  • aws_sns_topic_policy
  • aws_sns_topic_subscription
  • aws_dynamodb_table
  • aws_iam_access_key
  • aws_iam_role_policy_attachment
  • aws_iam_user_policy_attachment

@sundowndev sundowndev force-pushed the fix/accessDeniedExceptions branch from 79ee5a4 to f0833cc Compare July 26, 2021 14:16
@codecov
Copy link
codecov bot commented Jul 26, 2021
edited
Loading

Codecov Report

Merging #882 (de5a723) into main (47785e7) will decrease coverage by 0.01%.
The diff coverage is 70.39%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #882      +/-   ##
==========================================
- Coverage   81.59%   81.57%   -0.02%     
==========================================
  Files         232      232              
  Lines        7520     7551      +31     
==========================================
+ Hits         6136     6160      +24     
- Misses       1159     1164       +5     
- Partials      225      227       +2
Impacted Files Coverage Ξ”
pkg/remote/aws/dynamodb_table_details_fetcher.go 77.77% <0.00%> (ΓΈ)
...ote/aws/ec2_default_route_table_details_fetcher.go 77.77% <0.00%> (ΓΈ)
pkg/remote/aws/ec2_route_details_fetcher.go 81.81% <0.00%> (ΓΈ)
...aws/ec2_route_table_association_details_fetcher.go 77.77% <0.00%> (ΓΈ)
pkg/remote/aws/iam_access_key_details_fetcher.go 77.77% <0.00%> (ΓΈ)
pkg/remote/aws/iam_role_enumerator.go 92.85% <0.00%> (ΓΈ)
.../aws/iam_role_policy_attachment_details_fetcher.go 78.94% <0.00%> (ΓΈ)
.../aws/iam_user_policy_attachment_details_fetcher.go 78.94% <0.00%> (ΓΈ)
pkg/remote/aws/lambda_function_details_fetcher.go 81.25% <0.00%> (ΓΈ)
...kg/remote/aws/s3_bucket_analytic_detail_fetcher.go 77.77% <0.00%> (ΓΈ)
... and 70 more

@sundowndev sundowndev force-pushed the fix/accessDeniedExceptions branch 2 times, most recently from 721bb1b to 18e7d52 Compare July 28, 2021 14:30
@sundowndev sundowndev marked this pull request as ready for review July 28, 2021 14:38
@sundowndev sundowndev requested a review from a team as a code owner July 28, 2021 14:38
eliecharra
eliecharra suggested changes Jul 30, 2021
View reviewed changes
Copy link
Contributor
@eliecharra eliecharra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work πŸ‘πŸ» I only got some small implementation remarks

8000
@sundowndev sundowndev requested a review from eliecharra August 2, 2021 12:19
@sundowndev sundowndev force-pushed the fix/accessDeniedExceptions branch from eac03b3 to a31f71f Compare August 2, 2021 12:19
eliecharra
eliecharra suggested changes Aug 2, 2021
View reviewed changes
Copy link
Contributor
@eliecharra eliecharra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't wait to get this merged, I still one last little naming remark.

pkg/remote/resource_enumeration_error_handler.go Outdated
@@ -76,10 +122,18 @@ func handleAWSError(alerter alerter.AlerterInterface, listError *remoteerror.Res
return reqerr
}

func sendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceEnumerationError) {
func sendAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError, p ScanningPhase) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should be called sendRemoteAccessDeniedAlert since this method is scoped to pkg/remote it will prevent us eventual name collisions in the future.

@sundowndev sundowndev merged commit dcc67c8 into main Aug 2, 2021
@sundowndev sundowndev deleted the fix/accessDeniedExceptions branch August 2, 2021 13:35
@sundowndev sundowndev added the kind/bug Something isn't working label Aug 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moadibfr moadibfr moadibfr left review comments

@eliecharra eliecharra eliecharra approved these changes

Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sundowndev @moadibfr @eliecharra
0